Dropbear Vulnerability in Perl Affects Net::Dropbear by Atrodo
CVE-2025-15638

10CRITICAL

Key Information:

Vendor

Atrodo

Status
Net::dropbear
Vendor
CVE Published:
21 April 2026

What is CVE-2025-15638?

The Net::Dropbear library for Perl, specifically versions before 0.14, incorporates a vulnerable implementation of libtomcrypt. This vulnerability potentially exposes users to significant security risks associated with earlier versions of Dropbear (2019.78 or earlier) and libtomcrypt (v1.18.1 or earlier), which have been known to have vulnerabilities that could lead to unauthorized access or data breaches.

Affected Version(s)

Net::Dropbear 0 < 0.14

References

https://www.cve.org/CVERecord?id=CVE-2016-6129
vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-12437
vendor-advisory
https://metacpan.org/release/ATRODO/Net-Dropbear-0.14/sou...
release-notes

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.